Owen Williams from The Next Web, who discovered the bug, said: 'The Python script found on Git Hub appears to have allowed a malicious user to repeatedly guess passwords on Apple's 'Find my i Phone' service without alerting the user or locking out the attacker.'If the attacker was successful and gets a match by guessing passwords against Find my i Phone, they would be able to, in theory, use this to log into i Cloud and sync the i Cloud Photo Stream with another Mac or i Phone in a few minutes, again, without the attacked user's knowledge.